GDPR Certification

Let's take privacy seriously this time!


Implementing Privacy by Design and encryption to obtain GDPR certification is not only a question of keeping personal data secure under the law; by showing the certified logo on your website you also build trust between your company and consumers.

Here is what you must do to get certified by the EUROPEAN CENTER FOR GDPR CERTIFICATION:

GDPR BRONZE CERTIFIED™: Awareness training session attended by stakeholders of the company.
Base-level training attended by stakeholders and key personnel, to reduce the likelihood of decision-maker errors and to introduce GDPR to the organization's staff in an effective way that allows them to gain a comprehensive understanding of the new Regulation's requirements with minimal disruption to their daily workload.
Steering committee assembled, adhering to GDPR articles 37, 38 and 39, capable of appointing an in-house DPO or responsible for signing a service agreement for an outsourced DPO service.
DPA identified and communication established.

GDPR SILVER CERTIFIED™: DPO appointed.
Data discovery and process mapping completed.
Data Protection Impact and Privacy Impact Assessments completed.
GAP analysis completed.
Business model and processes map updated.
Risk analysis completed.
Data risk mitigation measures identified.
Actionable roadmap signed-off by leadership.

GDPR GOLD CERTIFIED™: Gold Trust Seal permits use of outsourced DPO.
Data breach incident management program in place.
Legal framework updated (notices, agreements, etc.).
Data and privacy protection policies created or updated.
Training and awareness program in place.
Maintain communication with the subject matter professional network.
Maintain communication with regulatory authorities.
Annual audit of output to keep the GDPRcertified.org Trust Seal.

GDPR PLATINUM CERTIFIED™: Platinum Trust Seal requires in-house DPO.
Successful audit of proof of measures to mitigate data risks.
Ability to demonstrate Article 5 requirements.
Successful resolution of two data breach incidents (low risk and high risk).
Present results of data breach action plan.
Present updated process map and remedial solution for data breaches.
Annual audit of output to keep the GDPRcertified.org Trust Seal.

 

Certification is open to all companies from around the world.

To learn more about the EUROPEAN CENTER FOR GDPR CERTIFICATION, visit their website today!

There is no higher and more trusted GDPR certification, period!

GDPR BRONZE CERTIFIED™, GDPR SILVER CERTIFIED™, GDPR GOLD CERTIFIED™ and GDPR PLATINUM CERTIFIED™ are all trademarks of the European Center for GDPR Certification.


NOTE:
The SWISS EU US PrivacyShield.gov has nothing to do with compliance under GDPR. Rather, it is an agreement between the Swiss Data Protection Agency and the US that tries to find a loophole around the actual EU GDPR privacy laws for American businesses that want to sell to Europeans. However, Switzerland is not a member of the European Union! Furthermore, its offering of Self-Certify must not be taken seriously. Only third-party GDPR certification and documentation based on ISO 6005 or similar processes, including Privacy by Design and potential encryption, should be recognized to assure data subjects of the highest possible compliance and protection under the EU General Data Protection Regulation.

Let's take privacy seriously this time! There have been too many big breaches of personal data in the USA over the last years, and let's never forget EQUIFAX!!! Giving corporations the right to self-certify is like letting the wolf watch over the lambs...

Here is the framework: www.commerce.gov/news/fact-sheets/2016/02/fact-sheet-overview-eu-us-privacy-shield-framework

Nowhere does it come close to mentioning the specific rights of EU citizens laid out in “Know Your Rights!”, and nowhere does this fact sheet mention that specific consent must be given and can be withdrawn just as easily. This is not about handling complaints; this is about handling privacy and simple requests from data subjects about how their data is used. Such a request is not a complaint before the data is misused! Nor is there anything in this fact sheet about the FINES for US corporations!

If the US company doesn't reply to the data subject within 45 days about how their personal data is used, then the data subject can only file an online complaint with another US website called Truste, or finally try to write a third complaint about the American company to the DPA (Data Protection Authority) in the EU. This is NOT how GDPR was intended. They want action!

GDPR Watchdog will challenge the companies listed under PrivacyShield.gov to deliver accountable information to the data subjects (EU citizens) after May 25th, 2018. We will report back on that in our daily newsletters, so sign up!

At least America has tried, but what about all the other countries around the world...? We suggest you only deal with companies that are GDPR Certified.